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- Tho MAILING DATE of this communication appears on the cover sheet with the correspondence address -- 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- !f the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )1EI Responsive to connmunication(s) file(d on 14 December 2000 . 
2a)n This action is FINAL. 2b)[3 This action is non-final. 

3) n Since this application is in condition for allowance except for fonnal matters, prosecution as to the merits is 

close(j in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) 13 Claim(s) 1-18 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) n Claim(s) is/are allowed. 

6) 1EI Claim(s) 1-18 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) n The specification is objected to by the Examiner. 

10) 13 The drawing(s) filed on 09 Aoril 2001 is/are: 3)M accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the con-ection Is required if the drawing(s) Is objected to. See 37 CFR 1.121(d). 

1 1) 0 The oath or declaration is objected to by the Examiner. Note the attached Office Action or fomi PTO-152. 

Priority under 35 U.S.C, § 119 

12) 0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)n All b)n Some * c)^ None of: 

1 .□ Certified copies of the priority documents have been received. 
2.n Certified copies of the priority documents have been received in Application No. 



3.D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



1. 



The IDS of 4/2/01 was received and considered. 



2. 



Claims 1-18 are pending. 



Claim Rejections - 35 USC§112 



3. The following is a quotation of the first paragraph of 35 U.S.C. 1 12: 

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

4. Claims 1-18 are rejected under 35 U.S.C, 112, first paragraph, as failing to comply with 
the enablement requirement. The claim(s) contains subject matter which was not described in 
the specification in such a way as to enable one skilled in the art to which it pertains, or with 
which it is most nearly connected, to make and/or use the invention. The step of 
''authenticating" the user password in claims 1, 7 & 13 is not described in detail in the 
specification. It is unclear whether "authenticating the user password" involves the use of "the 
application's associated password". 

5. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

6. Claims 1-18 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. 
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a. The relationship between ''network user ID and password information" (page 14, 
line 7), "user ID and password data" (page 14, line 1 1) and "user ID and password" (page 
14, line 14) is unclear. 

b. It is unclear whether "the user ID and password" (page 14, hne 14) is referring to 
"user ID and password data" or "network user ID and password information". 

c. Claims 7 & 13 are substantially equivalent to claim 1 and are therefore rejected 
under similar rationale. 

d. Claims 2-6, 8-12 & 14-18 are rejected based on their dependent on claims 1, 7 & 
13, respectively. 

7. Claims 1, 7 & 13 recite the limitation "the user password" in page 14, line 16. There is 
insufficient antecedent basis for this limitation in the claims. Claims 2-6, 8-12 (& 14-18 are 
rejected based on their dependent on claims 1, 7 & 13, respectively. 

8. Claims 1, 7 & 13 recite the limitation "the registered appUcation" in page 14, line 13. 
There is insufficient antecedent basis for this limitation in the claims. A suggested replacement 
would be "one of the registered appUcations". Claims 2-6, 8-12 & 14-18 are rejected based on 
their dependent on claims 1, 7 & 13, respectively. 

9. Claim 5 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite for failing 
to particularly point out and distinctly claim the subject matter which applicant regards as the 
invention. It is unclear which passwords (page 14, lines 3, 1 1, 13, 15 & 16, page 15, line 10) the 
reference "all passwords"(page 15, line 13) refers (all other user passwords, all passwords stored 
for a particular application). For the purposes of this Office Action, the limitation ''all 
passwords" is understood to mean, ''all passwords associated with the registered application '\ 
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Claim Rejections - 35 USC § 103 

10. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

11. Claims 1-4, 6-10, 12-16 & 18, as best understood, are rejected under 35 U.S.C. 103(a) as 
being unpatentable over U.S. Patent 6,182,142 to Win et al. (Win) in view of "Password Officer 
2000, The complete password management solution" by Compelson Laboratories (Compelson) 
in further view of "Understanding Network Security" by Edwards. 

Regarding claims 1, 7 & 13, Win discloses entering network user ID and password 
information into a central database/Registry repository (col. 15, line 67 - col. 16, line 3), 
receiving user ID and password data from an application login/browser (col. 9, lines 63-67), 
sending the user ID and password to the LDAP server/Registry server (col. 9, line 63 - col. 10, 
line 5 & col. 6, lines 46-63), authenticating the user password (col. 9, line 63 - col 10, line 5), 
sending a response from the LDAP server/Registry server back to the application/browser (col. 
9, line 63 - col. 10, line 5), and granting access to the application/browser (running a protected 
resource) only if the authentication is verified (col 9, lines 5-10). Win lacks registering network 
applications and their associated passwords with a LDAP server, identifying the registered 
appHcation and retrieving the apphcation's associated password. While Win does not explicitly 
describe the registration, it is inherent that the appUcations must be entered into the database 
before they can be accessed for authentication purposes. Further, Compelson teaches a secure 
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method of managing passwords using a database of passwords where a password is retrieved 
from the database, depending on the identified application (page 4, T|l). Compelson also teaches 
that there are situations where more than one password is used for a particular application (page 
8, Tf3). Further, Edwards teaches that good password poUcy is to never use the same password 
for multiple systems (page 13, 1f7 (list)). Therefore, it would have been obvious to one having 
ordinary skill in the art at the time the invention was made to modify Win so as to make use of 
multiple passwords for a single application by identifying the registered application and 
retrieving the password for that application, as taught by Compelson. One of ordinary skill in the 
art would have been motivated to perform such a modification to simpHfy password 
management, as taught to be beneficial by Compelson (pages 4 & 8) and to allow the user to 
have a separate password for each system, as taught by Edwards (page 13, f7 (hst)). 

Regarding claims 2, 8 & 14, Win discloses encrypting the user ID and password using 
SSL (col. 22, line 65 - col. 23, line 34). 

Regarding claims 3, 9 & 15, Win discloses allowing the user to submit a new user ID and 
password (col. 10, lines 26-53). 

Regarding claims 6, 12 & 18, Win discloses modifying multiple accounts (col. 19, lines 

1-9). 

12. Claims 4, 10 & 16, as best understood, are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Win in view of Compelson and Edwards, as appUed to claims 1, 7 & 13 above, 
in further view of U.S. Patent Application Publication 2001/0034733 to Prompt et al (Prompt). 
As modified above, Win lacks setting the password attribute to a referral object representing 
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other passwords and associated applications. However, Compelson teaches that it is often 
required of a user to use more than one password for an appUcation (page 8, p). Further, 
Prompt teaches that one can achieve unlimited flexibility by using referral objects, which allow 
the referencing of even more referral objects (^120). Therefore, it would have been obvious to 
one having ordinary skill in the art at the time the invention was made to set one password 
attribute, wherein the value of the password attribute is set to a referral object where all the 
passwords and associated apphcations for the user are stored. One of ordinary skill in the art 
would have been motivated to perform such a modification to gain unlimited extensibility, as 
taught by Prompt (11120) and to store multiple passwords a single application, as taught by 
Compelson (page 8). 

13. Claims 5, 1 1 & 17, as best understood, are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Win in view of Compelson and Edwards, as applied to claims 1, 7 & 13 above, 
in further view of "4^^ Dimension 3.0. 1" by Seiter, in further view of "Database Glossary" by 
Hastings. Win, as modified above, lacks storing the application as a multiple-value attribute and 
comparing the password provided to all passwords to determine the right to access the desired 
application. However, Seiter teaches that improved security can be achieved by allowing 
individual users have different passwords for a file, allowing different security levels (page 3, 
P). Therefore, it would have been obvious to one having ordinary skill in the art at the time the 
invention was made to store multiple passwords. One of ordinary skill in the art would have 
been motivated to perform such a modification to allow the definition of different security levels 
for a given application, as taught by Seiter (page 3, 1f3). As modified, Win lacks storing the 
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application password as a multiple- value attribute. However, Hastings teaches that multivalued 
attributes are used in database creation when one database entity is to have more than one value 
to an attribute, such as a single user having more than one phone number (page 4, ^8). 
Therefore, it would have been obvious to one having ordinary skill in the art at the time the 
invention was made to store the multiple passwords in a multiple-value attribute. One of 
ordinary skill in the art would have been motivated to perform such a modification to store more 
than one value in an attribute of a database entity, as taught by Hastings (page 4, ^8). 



Conclusion 

14. The prior art made of record and not rehed upon is considered pertinent to applicant's 
disclosure. 

a. U.S. Patent Apphcation Publication 2003/0204530 is cited for teaching referral 
objects. 

b. U.S. Patent Apphcation PuWication 2002/0073309 is cited for teaching key 
(password) repositories. 

c. The Pind references are cited for teaching general LDAP and using LDAP/databases 
to store user passwords and user Ids. 

d. The '884, '480 & '810 references are cited for teaching single-sign on methods using 
proxies. 

e. The '648 reference is cited for teaching an authorization server using LDAP to store 
users, associated application ids and gateway ids. 
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f. The '737 reference is cited for teaching associating a user, biometric information and 
authorized appHcation ids in a database, where the biometric server is registered with 
information associating an authentication policy to a particular application. 

g. The Kormann reference is cited for teaching an authentication server scheme. 

h. The '451 reference is cited for teaching that it is beneficial to maintain a central server 
for authentication rather than having clients do it, to remove the burden from the clients. 

i. The WebFeat reference is cited for teaching enabling a single organization to use 
multiple passwords to access the same database. 

j. The "Unix security" reference is cited for teaching storing old passwords and checking 
an entered password against all passwords. 



1 5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Michael J. Simitoski whose telephone number is (703)305-8191. 
The examiner can normally be reached on Monday - Thursday, 6:45 a.m. - 4: 15 p.m.. The 
examiner can also be reached on alternate Fridays from 6:45 a.m. -3:15 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse can be reached on (703)308-4789. 

Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks 
Washington, DC 20231 
Or faxed to: 

(703)746-7239 (for formal communications intended for entry) 

Or: 

(703)746-7240 (for informal or draft communications, please label "PROPOSED" 
or "DRAFT") 

Hand-delivered responses should be brought to Crystal Park II, 2121 Crystal Drive, 
Arlington, VA 22202, Fourth Floor (Receptionist). 
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Any inquiry of a general nature or relating to the status of this application or proceeding should 
be directed to the receptionist whose telephone number is (703) 305-9000. 

Information regarding the status of an application may be obtained from the Patent 

Application Information Retrieval (PAIR) system. Status information for published applications 

may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

applications is available through Private PAIR only. For more information about the PAIR 

system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




MJS 

June 30, 2004 





